Google to Apple Gird for FTC-Led Mobile-Privacy Crackdown

That has big implications for Google and Apple, which together account for 91 percent of smartphone operating systems. Photographer: Adam Berry/Getty Images

Feb. 26 (Bloomberg) -- As the government clamps down on
alleged privacy violations by mobile applications, Google Inc.,
Apple Inc. and legions of software developers are girding for
fines and rules that analysts say threaten to stifle growth.

The U.S. Federal Trade Commission, which this month fined
Path Inc., a social-networking site, $800,000 for unauthorized
collection of user data, is investigating a rising number of
mobile apps for privacy violations. California Attorney General
Kamala Harris is stepping up scrutiny of app makers, and
congressional lawmakers are planning legislation that would
require programmers to bolster disclosure and data protection.

Developers rely on tools that track users’ whereabouts,
surfing habits and buying preferences to pack their apps with
ads and features. Yet, with vast amounts of personal data bought
and sold over the Web, user privacy is at risk. Therein lies a
conundrum: More fines and tighter rules to protect consumers
could boost costs for small companies whose apps are fueling
demand for mobile advertising, tablets and smartphones.

“Privacy measures could directly impact the development of
the mobile-advertising market,” said John Jackson, an analyst
at Framingham, Massachusetts-based researcher IDC. “Any
legislative actions could lead to very heavy setbacks.”

That has big implications for Google and Apple, which
together account for 91 percent of smartphone operating systems.
Google’s Android is the most widely used software for the
devices, followed by Apple’s iOS, according to IDC. The
companies keep part of the revenue generated by app sales while
making money from ads embedded in certain applications. Facebook
Inc. and Twitter Inc. also make app versions of their social-media services available for download on mobile devices.

Safeguarding Data

These companies are taking steps to safeguard user data and
lessen the likelihood of a raft of new rules.

Apple’s efforts include “limited ad tracking and the
ability for customers to manage their privacy settings for
location, contacts, photos and more,” said Tom Neumayr, a
spokesman for Cupertino, California-based Apple.

The company vets all apps before they’re made available in
its App Store and offers a tool called Restrictions, which lets
parents prevent kids from installing or deleting apps, making
in-app purchases and accessing certain other features.

Google updated its developer program policy in August to
prohibit apps that disclose personal information without user
consent. Facebook lets customers adjust settings so they can
search and filter each piece of content that’s shared publicly.

Increased Enforcement

Increased enforcement and the cost of complying with new
regulations could eventually push small developers out of
business, Erica Sadun, an author of books on mobile-app
development, said via e-mail. Even small fines can add up for
fledgling companies that, according to estimates by GigaOM Pro,
on average generate less than $500 a month from sales of
downloadable apps.

“One-man shops may be driven under or may simply start
avoiding anything that involves any user identification
whatsoever,” Sadun said. “An onerous requirement would be a
tipping point that could potentially sink the independent
developer, and a hazy one would open them up to potential
lawsuits.”

App makers are already feeling the heat. Path, which lets
people form tight-knit online social networks, was penalized for
collecting information from children without the consent of
their parents. In response, Path closed its services to children
under 13, and, by terms of the settlement, must commission
independent privacy assessments every other year for the next 20
years.

‘Apps Failed’

According to an FTC review of 400 apps for kids, “most
apps failed to provide any information about the data collected
through the app, let alone the type of data collected, the
purpose of the collection, and who would obtain access to the
data. Even more troubling, the results showed that many of the
apps shared certain information with third parties -– such as
device ID, geolocation, or phone number -– without disclosing
that fact to parents.”

More strictures are coming. The FTC’s revised Children’s
Online Privacy Protection Rule, taking effect in July, will
require app makers to get parental consent to collect
information from children. That will result in about $10,000 in
legal costs per developer, costing $270 million for makers of
education apps for Apple devices alone, said Morgan Reed,
executive director of the the Association for Competitive
Technology, whose members include Apple, Facebook and Microsoft
Corp.

Sensitive Information

“We recognize that app developers are small, but their
size should not excuse their responsibility to consumers, given
the sensitive information they may handle,” Christopher Olsen,
assistant director at the FTC’s division of privacy and identity
protection, said in an interview. “Certainly we’ll be active on
the enforcement front.”

The FTC formed a mobile-technology unit about two years ago
and has staff members looking at mobile apps at various
divisions, such as the one focused on advertising, he said. The
agency issued a 36-page report Feb. 1 with recommendations on
how developers and app stores should protect users’ privacy.

Among the recommendations: companies such as Apple, Google,
Microsoft, Amazon.com Inc. and Research In Motion Ltd. should
set more privacy requirements for developers. For instance, it
asked for real-time notifications to users whenever their
personal information is accessed.

Trust Questioned

Congressional lawmakers are working on legislation this
year that would tighten mobile privacy protection and improve
disclosure. The Apps Act will be referred to a House Energy and
Commerce Committee subcommittee, according to Andy Phelan,
communications director for Representative Hank Johnson, a
Democrat from Georgia.

The Apps Act asks developers to obtain users’ consent to
terms and conditions governing collection of user data. It also
gives the government oversight of how and when privacy notices
should be provided to users.

States, led by California, are devoting attention to mobile
apps as well. California Attorney General Harris sued Delta Air
Lines Inc. in December for not posting a privacy notice within
its “Fly Delta” mobile app. The suit seeks to stop Delta from
distributing the app without a privacy policy and includes
penalties of up to $2,500 for each violation.

“It was clear to us that a lot more could be done to
improve the disclosures,” Olsen said. “Apps need to do more to
avoid raising consumer trust concerns -- raising questions as to
whether apps in general can be trusted.”